51 matches found
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2025-0357
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2025-0357
The CVE-2025-0357 entry concerns the WordPress WPBookit plugin (versions up to 1.6.9). The underlying issue is insufficient file type validation in the function WPB_Profile_controller::handle_image_upload, permitting unauthenticated arbitrary file uploads on affected sites and potentially enablin...
CVE-2025-0357 WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2025-0357 WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPBProfilecontroller::handleimageupload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2024-10215
The CVE-2024-10215 entry concerns the WPBookit WordPress plugin (versions up to and including 1.6.4). The root cause is that the plugin exposes user-controlled access to objects, allowing unauthorized users to bypass authorization and change passwords. The practical impact is that unauthenticated...
CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
PT-2025-1579 · WordPress · Wpbookit
Name of the Vulnerable Software and Affected Versions: WPBookit plugin for WordPress versions up to, and including, 1.6.4 Description: The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change. This is due to the plugin providing user-controlled access to objects, letting ...
CVE-2024-54280 WordPress WPBookit plugin <= 1.6.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0...